@openparachute/hub 0.7.0 → 0.7.1

package/src/__tests__/hub-db.test.ts

@@ -380,6 +380,42 @@ describe("openHubDb + migrate", () => {
     }
   });
 
+  test("v13 adds invites.username; pre-existing invite rows keep NULL (no backfill)", () => {
+    const h = makeHarness();
+    try {
+      const db = openHubDb(h.dbPath);
+      try {
+        // Simulate a real v12 install: strip the v13 column, mark v13
+        // unapplied, and seed an invite row that pre-dates pre-naming.
+        db.exec(`
+          ALTER TABLE invites DROP COLUMN username;
+          INSERT INTO invites (token, created_by, vault_name, role, provision_vault,
+                               default_mirror, expires_at, created_at)
+          VALUES ('hash-v12', NULL, 'maya', 'write', 1, NULL,
+                  '2099-01-01T00:00:00.000Z', '2026-06-01T00:00:00.000Z');
+        `);
+        db.exec("DELETE FROM schema_version WHERE version = 13");
+        migrate(db);
+        const cols = db
+          .query<{ name: string }, []>("SELECT name FROM pragma_table_info('invites')")
+          .all()
+          .map((c) => c.name);
+        expect(cols).toContain("username");
+        // Grandfathered row → NULL (redeemer picks their own name).
+        const row = db
+          .query<{ username: string | null }, [string]>(
+            "SELECT username FROM invites WHERE token = ?",
+          )
+          .get("hash-v12");
+        expect(row?.username).toBeNull();
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
   test("v10 FK cascade: deleting a user drops their user_vaults rows", () => {
     const h = makeHarness();
     try {

package/src/__tests__/hub-server.test.ts

@@ -13,6 +13,7 @@ import {
   hubFetch,
   layerOf,
   parseArgs,
+  resolveClientIp,
 } from "../hub-server.ts";
 import { setNotesRedirectDisabled } from "../hub-settings.ts";
 import { clearNotesRedirectLogState } from "../notes-redirect.ts";
@@ -5580,3 +5581,268 @@ describe("force-change-password per-request gate (#469)", () => {
     }
   });
 });
+
+describe("substrate trust headers — X-Parachute-Layer / X-Parachute-Client-IP (H2)", () => {
+  // The hub stamps the layerOf classification + resolved client IP on every
+  // request it forwards to a module upstream, STRIPPING any inbound
+  // occurrences first (a public client must not be able to inject a forged
+  // "loopback" trust signal past the proxy). Surface-runtime design §10.
+
+  function startEchoUpstream(): { port: number; stop: () => void } {
+    const server = Bun.serve({
+      port: 0,
+      hostname: "127.0.0.1",
+      fetch: (req) =>
+        new Response(
+          JSON.stringify({
+            layer: req.headers.get("x-parachute-layer"),
+            clientIp: req.headers.get("x-parachute-client-ip"),
+          }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        ),
+    });
+    return { port: server.port as number, stop: () => server.stop(true) };
+  }
+
+  const fakeServer = (address: string) => ({ requestIP: () => ({ address }) });
+
+  function writeEchoService(h: Harness, port: number): void {
+    writeManifest(
+      {
+        services: [
+          {
+            name: "echo-svc",
+            port,
+            paths: ["/echo-svc"],
+            health: "/echo-svc/health",
+            version: "0.1.0",
+          },
+        ],
+      },
+      h.manifestPath,
+    );
+  }
+
+  test("loopback direct-to-hub → stamped loopback + peer IP (generic proxy)", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(req("/echo-svc/x"), fakeServer("127.0.0.1"));
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("loopback");
+      expect(body.clientIp).toBe("127.0.0.1");
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("tailnet request → stamped tailnet + X-Forwarded-For client IP", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(
+        req("/echo-svc/x", {
+          headers: {
+            "tailscale-user-login": "aaron@example.com",
+            "x-forwarded-for": "100.64.0.7",
+          },
+        }),
+        fakeServer("127.0.0.1"),
+      );
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("tailnet");
+      expect(body.clientIp).toBe("100.64.0.7");
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("public (cloudflared) request → stamped public + CF-Connecting-IP", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(
+        req("/echo-svc/x", {
+          headers: { "cf-ray": "8abc123", "cf-connecting-ip": "203.0.113.9" },
+        }),
+        fakeServer("127.0.0.1"),
+      );
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("public");
+      expect(body.clientIp).toBe("203.0.113.9");
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("inbound spoof is STRIPPED — public peer injecting loopback headers gets re-stamped", async () => {
+    // The attack H2's strip exists for: a direct network peer (0.0.0.0 bind)
+    // sends X-Parachute-Layer: loopback + a forged client IP. The hub must
+    // strip both and stamp its own fail-closed classification.
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(
+        req("/echo-svc/x", {
+          headers: {
+            "x-parachute-layer": "loopback",
+            "x-parachute-client-ip": "127.0.0.1",
+          },
+        }),
+        fakeServer("198.51.100.20"),
+      );
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("public"); // header-absent non-loopback peer → public
+      expect(body.clientIp).toBe("198.51.100.20"); // peer address, not the forgery
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("direct caller injecting CF-Connecting-IP: layer stamp stays sound (public), client IP is best-effort attribution", async () => {
+    // Pins the documented property (resolveClientIp's "Known limitation"):
+    // a DIRECT caller can spoof the forwarded-IP headers and misattribute
+    // its own address — X-Parachute-Client-IP reflects the injected value —
+    // but it CANNOT spoof the LAYER: the CF header's presence classifies the
+    // request "public" regardless of the peer (here even a loopback one),
+    // so spoofing only ever moves the trust signal DOWN. Layer is the
+    // security signal; client IP is attribution.
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(
+        req("/echo-svc/x", {
+          headers: { "cf-connecting-ip": "203.0.113.50" },
+        }),
+        fakeServer("127.0.0.1"),
+      );
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("public"); // CF header presence → public, not loopback
+      expect(body.clientIp).toBe("203.0.113.50"); // injected value — best-effort by design
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("unknown peer (no Server threaded) → fail-closed public, header for client IP omitted", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeEchoService(h, upstream.port);
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      // No second arg — peerAddr resolves null; layer fails closed to public.
+      const res = await fetcher(req("/echo-svc/x"));
+      const body = (await res.json()) as { layer: string; clientIp: string | null };
+      expect(body.layer).toBe("public");
+      expect(body.clientIp).toBeNull();
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("per-vault proxy stamps the same headers (shared proxyRequest path)", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeManifest(
+        {
+          services: [
+            {
+              name: "parachute-vault-default",
+              port: upstream.port,
+              paths: ["/vault/default"],
+              health: "/health",
+              version: "0.4.0",
+            },
+          ],
+        },
+        h.manifestPath,
+      );
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(req("/vault/default/api/notes"), fakeServer("127.0.0.1"));
+      const body = (await res.json()) as { layer: string; clientIp: string };
+      expect(body.layer).toBe("loopback");
+      expect(body.clientIp).toBe("127.0.0.1");
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+
+  test("/vault/admin route stamps the same headers (proxyToVaultAdmin path)", async () => {
+    const h = makeHarness();
+    const upstream = startEchoUpstream();
+    try {
+      writeManifest(
+        {
+          services: [
+            {
+              name: "parachute-vault",
+              port: upstream.port,
+              paths: ["/vault/default"],
+              health: "/health",
+              version: "0.5.0",
+            },
+          ],
+        },
+        h.manifestPath,
+      );
+      const fetcher = hubFetch(h.dir, { manifestPath: h.manifestPath });
+      const res = await fetcher(
+        req("/vault/admin/", {
+          headers: { "tailscale-user-login": "aaron@example.com" },
+        }),
+        fakeServer("127.0.0.1"),
+      );
+      const body = (await res.json()) as { layer: string };
+      expect(body.layer).toBe("tailnet");
+    } finally {
+      upstream.stop();
+      h.cleanup();
+    }
+  });
+});
+
+describe("resolveClientIp (H2)", () => {
+  test("CF-Connecting-IP wins over X-Forwarded-For and peer", () => {
+    const r = req("/", {
+      headers: { "cf-connecting-ip": "203.0.113.1", "x-forwarded-for": "10.0.0.1" },
+    });
+    expect(resolveClientIp(r, "127.0.0.1")).toBe("203.0.113.1");
+  });
+
+  test("X-Forwarded-For first hop wins over peer", () => {
+    const r = req("/", { headers: { "x-forwarded-for": "10.0.0.1, 10.0.0.2" } });
+    expect(resolveClientIp(r, "127.0.0.1")).toBe("10.0.0.1");
+  });
+
+  test("falls back to the peer address", () => {
+    expect(resolveClientIp(req("/"), "198.51.100.7")).toBe("198.51.100.7");
+  });
+
+  test("null when nothing resolves", () => {
+    expect(resolveClientIp(req("/"), null)).toBeNull();
+  });
+
+  test("whitespace-only header values are treated as absent", () => {
+    const r = req("/", { headers: { "x-forwarded-for": "   " } });
+    expect(resolveClientIp(r, null)).toBeNull();
+  });
+});

package/src/__tests__/invites.test.ts

@@ -28,6 +28,7 @@ import {
   listInvites,
   revokeInvite,
   revokeInvitesForVault,
+  usernameReservedByPendingInvite,
 } from "../invites.ts";
 import { createUser } from "../users.ts";
 
@@ -68,7 +69,7 @@ describe("issueInvite", () => {
     }
   });
 
-  test("defaults: role=write, provision_vault=1, 7-day expiry", async () => {
+  test("defaults: role=write, provision_vault=1, 7-day expiry, no pre-named username", async () => {
     const { db, adminId, cleanup } = await makeDb();
     try {
       const now = new Date("2026-06-04T00:00:00Z");
@@ -76,12 +77,74 @@ describe("issueInvite", () => {
       expect(invite.role).toBe("write");
       expect(invite.provisionVault).toBe(true);
       expect(invite.vaultName).toBeNull();
+      expect(invite.username).toBeNull();
       const expiry = new Date(invite.expiresAt).getTime() - now.getTime();
       expect(Math.round(expiry / 1000)).toBe(DEFAULT_INVITE_TTL_SECONDS);
     } finally {
       cleanup();
     }
   });
+
+  test("pre-named username round-trips through the row", async () => {
+    const { db, adminId, cleanup } = await makeDb();
+    try {
+      const { rawToken, invite } = issueInvite(db, {
+        createdBy: adminId,
+        username: "jonathan",
+        vaultName: "shared",
+        provisionVault: false,
+        role: "read",
+      });
+      expect(invite.username).toBe("jonathan");
+      const found = findInviteByRawToken(db, rawToken);
+      expect(found?.username).toBe("jonathan");
+      expect(found?.vaultName).toBe("shared");
+      expect(found?.provisionVault).toBe(false);
+      expect(found?.role).toBe("read");
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+describe("usernameReservedByPendingInvite", () => {
+  test("pending reserves; redeemed / revoked / expired / other-name do not", async () => {
+    const { db, adminId, cleanup } = await makeDb();
+    try {
+      const now = new Date("2026-06-10T00:00:00Z");
+      // Pending → reserved.
+      issueInvite(db, { createdBy: adminId, username: "pending-name", now: () => now });
+      expect(usernameReservedByPendingInvite(db, "pending-name", now)).toBe(true);
+      expect(usernameReservedByPendingInvite(db, "other-name", now)).toBe(false);
+      // Redeemed → free.
+      const redeemed = issueInvite(db, {
+        createdBy: adminId,
+        username: "used-name",
+        now: () => now,
+      });
+      consumeInvite(db, redeemed.invite.tokenHash, adminId, now);
+      expect(usernameReservedByPendingInvite(db, "used-name", now)).toBe(false);
+      // Revoked → free.
+      const revoked = issueInvite(db, {
+        createdBy: adminId,
+        username: "gone-name",
+        now: () => now,
+      });
+      revokeInvite(db, revoked.invite.tokenHash, now);
+      expect(usernameReservedByPendingInvite(db, "gone-name", now)).toBe(false);
+      // Expired → free.
+      issueInvite(db, {
+        createdBy: adminId,
+        username: "old-name",
+        expiresInSeconds: 60,
+        now: () => now,
+      });
+      const later = new Date(now.getTime() + 120_000);
+      expect(usernameReservedByPendingInvite(db, "old-name", later)).toBe(false);
+    } finally {
+      cleanup();
+    }
+  });
 });
 
 describe("findInviteByRawToken", () => {

package/src/__tests__/lifecycle.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "bun:test";
-import { mkdtempSync, openSync, rmSync, writeFileSync } from "node:fs";
+import { mkdtempSync, openSync, rmSync, utimesSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import {
@@ -678,10 +678,37 @@ describe("group-aware kill / liveness (hub#88)", () => {
 });
 
 // ---------------------------------------------------------------------------
-// `parachute logs <svc>` — unchanged by Phase 5b. Reads the per-service logfile
-// keyed by short name (the readers §7.5 keeps). Includes the internal `hub`.
+// `parachute logs <svc>`. Under hub-as-supervisor (Phase 5b) a module's output
+// is multiplexed into the HUB log with a `[<svc>] ` line prefix, so `logs <svc>`
+// reads that stream filtered to the service (hub#652). The per-service logfile
+// keyed by short name (the readers §7.5 keeps) survives as the legacy source
+// when it's fresher than the hub log (pre-supervised installs). `logs hub`
+// reads the hub log unfiltered.
 // ---------------------------------------------------------------------------
 
+/** The supervisor's multiplexed hub-log shape (supervisor.ts pipeOutput). */
+const INTERLEAVED_HUB_LOG =
+  "[vault] vault boot\n" +
+  "[scribe] scribe boot\n" +
+  "[vault] GET /vault/default/api/notes 200 7ms\n" +
+  "[surface] [app-dcr] client registered\n" +
+  "[vaultx] not vault's line\n" +
+  "[vault] sync ok\n";
+
+const VAULT_LINES_STRIPPED = ["vault boot", "GET /vault/default/api/notes 200 7ms", "sync ok"];
+
+function writeHubLog(configDir: string, content: string): string {
+  const path = ensureLogPath("hub", configDir);
+  writeFileSync(path, content);
+  return path;
+}
+
+/** Backdate a file's mtime so freshness comparisons are deterministic. */
+function backdate(path: string, secondsAgo: number): void {
+  const t = new Date(Date.now() - secondsAgo * 1000);
+  utimesSync(path, t, t);
+}
+
 describe("parachute logs", () => {
   test("hint when no log file exists", async () => {
     const h = makeHarness();
@@ -829,4 +856,212 @@ describe("parachute logs", () => {
       h.cleanup();
     }
   });
+
+  // ---- hub#652: supervised modules read the hub log's [svc]-prefixed stream ----
+
+  test("supervised module: reads the hub log filtered to its prefix, stripped (hub#652)", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      writeHubLog(h.configDir, INTERLEAVED_HUB_LOG);
+      // No per-service vault.log — the supervised steady state.
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      // Exact-prefix match: `[vaultx]` noise excluded; `[vault] ` stripped.
+      expect(log).toEqual(VAULT_LINES_STRIPPED);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("stale per-service file + fresher hub log: the hub stream wins (the live hub#652 shape)", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      const legacy = ensureLogPath("vault", h.configDir);
+      writeFileSync(legacy, "stale pre-cutover line\n");
+      backdate(legacy, 3600);
+      writeHubLog(h.configDir, INTERLEAVED_HUB_LOG);
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(log).toEqual(VAULT_LINES_STRIPPED);
+      expect(log.join("\n")).not.toContain("stale pre-cutover line");
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("per-service file fresher than the hub log: legacy file wins (pre-supervised install)", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      const hubLog = writeHubLog(h.configDir, "[vault] old supervised line\n");
+      backdate(hubLog, 3600);
+      const legacy = ensureLogPath("vault", h.configDir);
+      writeFileSync(legacy, "live detached line\n");
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(log).toEqual(["live detached line"]);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("lines cap applies to the FILTERED set, not raw hub-log lines", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      writeHubLog(h.configDir, INTERLEAVED_HUB_LOG);
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        lines: 2,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(log).toEqual(VAULT_LINES_STRIPPED.slice(-2));
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("hub log has no lines for the service + no per-service file: start hint", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      writeHubLog(h.configDir, "[scribe] scribe boot\n");
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(log.join("\n")).toMatch(/no logs yet for vault/);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("hub log has no lines for the service + per-service file exists: legacy shown with a note", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      const legacy = ensureLogPath("vault", h.configDir);
+      writeFileSync(legacy, "old detached line\n");
+      backdate(legacy, 3600);
+      writeHubLog(h.configDir, "[scribe] scribe boot\n");
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      // The note distinguishes the stale per-service file from the live
+      // stream — the exact "stale logs presented as current" trap in hub#652.
+      expect(log[0]).toMatch(/no vault lines in the hub log/);
+      expect(log).toContain("old detached line");
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("follow mode filters the hub stream and strips the prefix (hub#652)", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      writeHubLog(h.configDir, INTERLEAVED_HUB_LOG);
+      const encoder = new TextEncoder();
+      let streamedPath: string | undefined;
+      const followStream = (path: string): ReadableStream<Uint8Array> => {
+        streamedPath = path;
+        return new ReadableStream<Uint8Array>({
+          start(controller) {
+            controller.enqueue(encoder.encode("[vault] live one\n[scribe] noise\n"));
+            // Split a line across chunks to exercise the line buffer.
+            controller.enqueue(encoder.encode("[vault] live "));
+            controller.enqueue(encoder.encode("two\n"));
+            controller.close();
+          },
+        });
+      };
+      const log: string[] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        follow: true,
+        followStream,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(streamedPath).toContain("hub.log");
+      expect(log).toEqual([...VAULT_LINES_STRIPPED, "live one", "live two"]);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("follow mode with a fresher per-service file tails THAT file via tail -f", async () => {
+    const h = makeHarness();
+    try {
+      seedVault(h.manifestPath);
+      const hubLog = writeHubLog(h.configDir, "[vault] old supervised line\n");
+      backdate(hubLog, 3600);
+      const legacy = ensureLogPath("vault", h.configDir);
+      writeFileSync(legacy, "live detached line\n");
+      const spawned: string[][] = [];
+      const code = await logs("vault", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        follow: true,
+        tailSpawner: {
+          spawn(cmd) {
+            spawned.push([...cmd]);
+            return 12345;
+          },
+        },
+        log: () => {},
+      });
+      expect(code).toBe(0);
+      expect(spawned).toHaveLength(1);
+      expect(spawned[0]?.[0]).toBe("tail");
+      expect(spawned[0]?.at(-1)).toBe(legacy);
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("logs hub: stays unfiltered — module-prefixed lines included", async () => {
+    const h = makeHarness();
+    try {
+      writeHubLog(h.configDir, INTERLEAVED_HUB_LOG);
+      const log: string[] = [];
+      const code = await logs("hub", {
+        configDir: h.configDir,
+        manifestPath: h.manifestPath,
+        log: (l) => log.push(l),
+      });
+      expect(code).toBe(0);
+      expect(log).toEqual(INTERLEAVED_HUB_LOG.replace(/\n$/, "").split("\n"));
+    } finally {
+      h.cleanup();
+    }
+  });
 });